Security Bulletin for IBM Tivoli NetView for z/OS Java API
JohnArnesen 110000NVJV Visits (1901)
This is John Arnesen with NetView and System Automation level 2 support.
A security bulletin was just released for Java API Documentation Frame Injection Vulnerability.
This applies to NetView z/OS v5r4 and v6r1 and NMC (NetView Management Console).
Here is the URL to find out more information: http
And here is a description of the issue:
DESCRIPTION: HTML documentation generated by the Javadoc tool contains security vulnerability. The vulnerability allows an attacker to craft a malicious link to the documentation which injects arbitrary content into the main frame. The injected content appears to originate from the site hosting the documentation, but in fact it is hosted elsewhere, and may contain malicious links or content. This type of attack is known as "clickjacking".
CVSS Base Score: 4.3